Answered by:

Creating a AD structure for Education Institution

Question

Currently our security groups and our AD structure is outta whack. We are in the process of revamping it but wpuld like feedback on how other educational institutions are approaching it. I'm not sure if I'm posting this in the right spot.

Answers

build a top level OU that contains subOUs for users and computers, that way you can link GPOs based on the user or machine setting. Also you can create this structure more deeper depending on your needs or the structure you like to built.

On the top level OU link GPOs for all and as deeper you go you can define your sets of policies. This is only one example as this belongs to your own needs and structure you like to built. There is no "default" you can take, as each company, school,
university etc. use there own structure.

When creating groups for students, I find it useful to base the group names on graduating year, rather than grade. This way there are minimal changes needed each summer when students advance to the next grade. Makes sure students and teachers/staff are in
different parent OU's, so you can apply different GPO's.

All replies

building your AD structure in AD UC is just a management overview how you handle your users, computers and security groups. You can define your own structure based on the needs for the machines with GPOs and the same for the users.

build a top level OU that contains subOUs for users and computers, that way you can link GPOs based on the user or machine setting. Also you can create this structure more deeper depending on your needs or the structure you like to built.

On the top level OU link GPOs for all and as deeper you go you can define your sets of policies. This is only one example as this belongs to your own needs and structure you like to built. There is no "default" you can take, as each company, school,
university etc. use there own structure.

When creating groups for students, I find it useful to base the group names on graduating year, rather than grade. This way there are minimal changes needed each summer when students advance to the next grade. Makes sure students and teachers/staff are in
different parent OU's, so you can apply different GPO's.

Thank you for those links. They help. I guess what i was looking for was best practices that MS has for colleges and maybe the link that you gave me is it. Sorry this is a stupid question but does MS have a design guide for colleges
as far as designing their AD structure? I'm looking for a Win2k8 design.

Microsoft is conducting an online survey to understand your opinion of the Technet Web site. If you choose to participate, the online survey will be presented to you when you leave the Technet Web site.